{% set host_index = groups[(inventory_hostname in groups['nova_controller']) | ternary('nova_controller', 'nova_compute')].index(inventory_hostname) % groups['rabbitmq'] | count %}
{% set rabbit_hosts = groups['rabbitmq'][host_index:] + groups['rabbitmq'][:host_index] %}
[DEFAULT]
# Logs / State
debug = {{ nova_debug }}
verbose = True
use_stderr = False
use_syslog = {{ nova_syslog_use }}
log_dir = /var/log/nova
rootwrap_config = /etc/nova/rootwrap.conf
service_down_time = {{ nova_service_down_time }}

host = {{ inventory_hostname }}
state_path = /var/lib/nova

# Compute
{% if groups['ironic'] | count > 0 %}
compute_driver = nova.virt.ironic.IronicDriver
scheduler_host_manager=nova.scheduler.ironic_host_manager.IronicHostManager
ram_allocation_ratio=1.0
reserved_host_memory_mb=0
compute_manager=ironic.nova.compute.manager.ClusteredComputeManager
scheduler_use_baremetal_filters=True
scheduler_tracks_instance_changes=False
{% else %}
compute_driver = {{ nova_compute_driver }}
scheduler_default_filters = {{ nova_scheduler_default_filters }}
{% endif %}

instances_path = /var/lib/nova/instances
instance_name_template = instance-%08x
allow_resize_to_same_host = True
osapi_compute_listen = 127.0.0.1
osapi_compute_link_prefix = {{ os_proto }}://{{ os_public_address }}:8774
enabled_apis = osapi_compute, metadata

cpu_allocation_ratio = {{ nova_cpu_allocation_ratio }}
ram_allocation_ratio = {{ nova_ram_allocation_ratio }}
disk_allocation_ratio = {{ nova_disk_allocation_ratio }}

# Rpc all
transport_url = rabbit://{% for host in rabbit_hosts %}{{ nova_rabbit_user }}:{{ nova_rabbit_password }}@{{ hostvars[host].ip.mgmt }}:5672{% if not loop.last %},{% endif %}{% endfor %}/{{ nova_rabbit_vhost }}

# Metadata
metadata_host = {{ vip_mgmt }}
metadata_listen = {{ ip.mgmt }}

# Network
my_ip = {{ ip.mgmt }}
use_neutron = True
security_group_api = neutron
{% if neutron_mtu > 0 %}
network_device_mtu = {{ neutron_mtu }}
{% endif %}

{% if neutron_physical_interface_driver == 'openvswitch' %}
linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver
{% elif neutron_physical_interface_driver == 'linuxbridge' %}
linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
{% endif %}
firewall_driver = nova.virt.firewall.NoopFirewallDriver
default_floating_pool = {{ nova_default_floating_pool }}

# Authentication
auth_strategy = keystone

## Vif
libvirt_vif_type = ethernet
vif_plugging_timeout = 10
vif_plugging_is_fatal = False

# Hypervisor
default_ephemeral_format = ext4


# Ceilometer notification configurations
instance_usage_audit = {{ nova_instance_usage_audit }}
instance_usage_audit_period = {{ nova_instance_usage_audit_period }}
notify_on_state_change = vm_and_task_state

#console ssl
{% if nova_console_ssl | bool %}
ssl_only=True
key={{ SSLCertificateKeyFile }}
cert={{ SSLCertificateFile }}
{% endif %}


[wsgi]

api_paste_config = /etc/nova/api-paste.ini


[crypto]

keys_path = /var/lib/nova/keys


#vnc
[vnc]
{% if nova_console_type == 'vnc' %}
enabled = True
{% else %}
enabled = False
{% endif %}
novncproxy_host = {{ ip.mgmt }}
keymap = {{ nova_console_keymap }}
novncproxy_base_url = {{ nova_novncproxy_base_url }}
vncserver_listen = {{ ip.mgmt }}
vncserver_proxyclient_address = {{ ip.mgmt }}


# Cinder
[cinder]
catalog_info = volumev2:cinderv2:internalURL
os_region_name = {{ keystone_region_name }}
{% if SSLCACertificateFile != '' %}
cafile = {{ SSLCACertificateFile }}
{% endif %}
insecure = {{ ssl_insecure }}


[spice]
{% if nova_console_type == 'spice' %}
agent_enabled = True
enabled = True
{% else %}
agent_enabled = False
enabled = False
{% endif %}
keymap = {{ nova_console_keymap }}
html5proxy_base_url = {{ nova_spiceproxy_base_url }}
html5proxy_host = {{ ip.mgmt }}
server_listen = {{ ip.mgmt }}
server_proxyclient_address = {{ ip.mgmt }}


[cache]

enabled = True
backend = oslo_cache.memcache_pool
memcache_servers = {% for host in groups['memcached'] %}{{ hostvars[host].ip.mgmt }}:11211{% if not loop.last %},{% endif %}{% endfor %}


# Glance
[glance]
api_servers = {{ os_proto }}://{{ os_internal_address }}:9292
host = {{ os_internal_address }}
port = 9292
api_insecure = {{ ssl_insecure }}
protocol = {{ os_proto }}


# Neutron
[neutron]
url = {{ os_proto }}://{{ os_internal_address }}:9696
auth_url = {{ keystone_proto }}://{{ keystone_admin_address }}:35357
auth_type = password
region_name = {{ keystone_region_name }}
user_domain_name = {{ neutron_domain_name }}
username = {{ neutron_admin_user }}
password = {{ neutron_admin_password }}
project_domain_name = {{ neutron_project_domain_name }}
project_name = {{ neutron_project_name }}
{% if SSLCACertificateFile != '' %}
cafile = {{ SSLCACertificateFile }}
{% endif %}
insecure = {{ ssl_insecure }}

service_metadata_proxy = True
metadata_proxy_shared_secret = {{ metadata_proxy_shared_secret }}


[ssl]
{% if SSLCACertificateFile != '' %}
ca_file = {{ SSLCACertificateFile }}
{% endif %}


[conductor]
topic = conductor
workers = {{ nova_conductor_workers }}


[keystone_authtoken]

auth_type = password
signing_dir = /var/lib/nova/cache/api
auth_uri = {{ keystone_proto }}://{{ keystone_internal_address }}:5000
auth_url = {{ keystone_proto }}://{{ keystone_internal_address }}:35357
region_name = {{ keystone_region_name }}
user_domain_name = {{ nova_domain_name }}
username = {{ nova_admin_user }}
password = {{ nova_admin_password }}
project_domain_name = {{ nova_project_domain_name }}
project_name = {{ nova_project_name }}
{% if SSLCACertificateFile != '' %}
cafile = {{ SSLCACertificateFile }}
{% endif %}
insecure = {{ ssl_insecure }}

memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host].ip.mgmt }}:11211{% if not loop.last %},{% endif %}{% endfor %}

token_cache_time = 300
revocation_cache_time = 60

# if your memcached server is shared, use these settings to avoid cache poisoning
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcache_secret_key }}

# if your keystone deployment uses PKI, and you value security over performance:
check_revocations_for_cached = False


{% if inventory_hostname in groups['nova_controller'] %}
[api_database]
connection = mysql+pymysql://{{ nova_api_db_user }}:{{ nova_api_db_password }}@{{ nova_mysql_server }}/{{ nova_api_db }}?charset=utf8
max_retries = -1


[database]
connection = mysql+pymysql://{{ nova_db_user }}:{{ nova_db_password }}@{{ nova_mysql_server }}/{{ nova_db }}?charset=utf8
max_retries = -1
{% endif %}


[oslo_concurrency]
lock_path = /var/lock/nova


[oslo_messaging_notifications]
driver = messagingv2
transport_url = rabbit://{% for host in rabbit_hosts %}{{ nova_rabbit_user }}:{{ nova_rabbit_password }}@{{ hostvars[host].ip.mgmt }}:5672{% if not loop.last %},{% endif %}{% endfor %}/{{ nova_rabbit_vhost }}


[oslo_messaging_rabbit]

rabbit_ha_queues = true


{% if inventory_hostname in groups['nova_compute'] %}
[libvirt]

use_usb_tablet = False
use_virtio_for_bridges = True
virt_type = {{ nova_virt_type }}
live_migration_uri = qemu+ssh://nova@%s/system?keyfile=/var/lib/nova/.ssh/id_rsa&no_tty=1&no_verify=1
live_migration_tunnelled = {{ nova_live_migration_tunelled }}
live_migration_completion_timeout = {{ nova_live_migration_completion_timeout }}
live_migration_progress_timeout = {{ nova_live_migration_progress_timeout }}

{% if nova_ephemeral_backend == 'ceph' %}
#ceph
rbd_user = {{ nova_ephemeral_ceph_user }}
rbd_secret_uuid = {{ nova_ephemeral_volume_secret_uuid }}
images_type = rbd
images_rbd_pool = {{ nova_ephemeral_ceph_pool }}
images_rbd_ceph_conf = /etc/ceph/{{ ceph_cluster_name }}.conf
hw_disk_discard = unmap
{% endif %}

{% if groups['ironic'] | count > 0 %}
[ironic]

# Ironic keystone admin name
admin_username={{ ironic_admin_user }}

#Ironic keystone admin password.
admin_password={{ ironic_admin_password }}

# keystone API endpoint
admin_url={{ keystone_proto }}://{{ keystone_admin_address }}:35357/v2.0

# Ironic keystone tenant name.
admin_tenant_name={{ ironic_project_name }}

# URL for Ironic API endpoint.
api_endpoint=http://{{ vip_mgmt }}:6385/v1
{% endif %}

{% endif %}
